package org.wso2.carbon.identity.oauth;

import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.Charsets;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.utils.Base64;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ServerException;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/OAuthUtil.class */
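/**
 * Static helpers for the OAuth component: random identifier generation, eviction of
 * {@link OAuthCache} entries, mapping of OAuth2 exceptions onto admin-service exceptions,
 * conversion of {@link OAuthAppDO} to {@link OAuthConsumerAppDTO}, and dispatch of
 * system-initiated token revocation events to the registered interceptor.
 *
 * <p>Cache keys built here are plain colon-joined strings with no escaping of the
 * individual components. An eviction only hits when the key is byte-for-byte the one
 * used when the entry was stored, so any change to the key layout or to the case
 * normalisation must be mirrored on the writing side (not visible in this file).
 */
public final class OAuthUtil {
    public static final Log LOG = LogFactory.getLog(OAuthUtil.class);
    private static final String ALGORITHM = "HmacSHA1";

    private OAuthUtil() {
    }

    /**
     * Produces an opaque random-looking string.
     *
     * <p>Two UUIDs are generated; the first is used as an HMAC-SHA1 key, the second as the
     * message. The MAC is Base64-encoded and the characters {@code /}, {@code =} and
     * {@code +} are replaced by {@code _}, {@code a} and {@code f}.
     *
     * <p>NOTE(review): the HMAC is deterministic, so the unpredictability of the result is
     * exactly that of {@code UUIDGenerator.generateUUID()}. If callers use this value as a
     * credential (client secret, token), confirm that generator is backed by a CSPRNG.
     * The {@code =}/{@code +} substitution maps onto letters already in the Base64
     * alphabet, so the encoding is not reversible and the trailing padding character of a
     * 20-byte MAC always becomes {@code a}.
     *
     * @return the encoded value
     * @throws IdentityOAuthAdminException if the MAC cannot be created or computed
     */
    public static String getRandomNumber() throws IdentityOAuthAdminException {
        try {
            String keyMaterial = UUIDGenerator.generateUUID();
            String message = UUIDGenerator.generateUUID();
            Mac mac = Mac.getInstance(ALGORITHM);
            mac.init(new SecretKeySpec(keyMaterial.getBytes(Charsets.UTF_8), ALGORITHM));
            String encoded = Base64.encode(mac.doFinal(message.getBytes(Charsets.UTF_8)));
            return encoded.replace("/", "_").replace("=", "a").replace("+", "f");
        } catch (Exception e) {
            throw new IdentityOAuthAdminException("Error when generating a random number.", e);
        }
    }

    /**
     * Evicts the cache entries keyed by {@code str} and the given user.
     *
     * <p>For an {@link AuthenticatedUser} the key {@code str:user:federatedIdPName} is
     * evicted. For any other {@link User} the legacy key {@code str:user} is evicted first
     * and then the key with a {@code null} identity-provider component.
     *
     * @param str  first key component; presumably the OAuth consumer key — confirm against callers
     * @param user user whose name, user-store domain and tenant domain form the second component
     */
    public static void clearOAuthCache(String str, User user) {
        String qualifiedUser = toQualifiedUserName(user);
        String authenticatedIdp = null;
        if (user instanceof AuthenticatedUser) {
            authenticatedIdp = ((AuthenticatedUser) user).getFederatedIdPName();
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User object is not an instance of AuthenticatedUser therefore cannot resolve authenticatedIDP name.");
            }
            // No identity provider can be resolved: also evict the key that has no IdP component.
            clearOAuthCache(str, qualifiedUser);
        }
        clearOAuthCacheWithAuthenticatedIDP(str, qualifiedUser, authenticatedIdp);
    }

    /**
     * Evicts the cache entries keyed by {@code str}, the given user and {@code str2}.
     *
     * <p>Same fallback as {@link #clearOAuthCache(String, User)}: for a user that is not an
     * {@link AuthenticatedUser} the key without identity-provider component is evicted as well.
     *
     * @param str  first key component; presumably the OAuth consumer key — confirm against callers
     * @param user user whose qualified name forms the second component
     * @param str2 third key component; presumably the token scope — confirm against callers
     */
    public static void clearOAuthCache(String str, User user, String str2) {
        String qualifiedUser = toQualifiedUserName(user);
        String authenticatedIdp = null;
        if (user instanceof AuthenticatedUser) {
            authenticatedIdp = ((AuthenticatedUser) user).getFederatedIdPName();
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User object is not an instance of AuthenticatedUser therefore cannot resolve authenticatedIDP name.");
            }
            clearOAuthCache(str, qualifiedUser, str2);
        }
        clearOAuthCacheWithAuthenticatedIDP(str, qualifiedUser, str2, authenticatedIdp);
    }

    /**
     * Evicts the cache entry whose key is produced by
     * {@link #buildCacheKeyStringForToken(String, String, String, String, String)}.
     *
     * <p>For a user that is not an {@link AuthenticatedUser} the three-component key
     * {@code str:user:str2} is evicted as well.
     *
     * @param str  first key component; presumably the OAuth consumer key — confirm against callers
     * @param user user whose qualified name forms the second component
     * @param str2 third key component; presumably the token scope — confirm against callers
     * @param str3 last key component; presumably a token-binding reference — confirm against callers
     */
    public static void clearOAuthCache(String str, User user, String str2, String str3) {
        String qualifiedUser = toQualifiedUserName(user);
        String authenticatedIdp = null;
        if (user instanceof AuthenticatedUser) {
            authenticatedIdp = ((AuthenticatedUser) user).getFederatedIdPName();
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User is not an instance of AuthenticatedUser therefore cannot resolve authenticatedIDP name");
            }
            clearOAuthCache(str, qualifiedUser, str2);
        }
        clearOAuthCache(buildCacheKeyStringForToken(str, str2, qualifiedUser, authenticatedIdp, str3));
    }

    /**
     * Evicts the entry keyed {@code str:str2}, lower-casing {@code str2} when its user
     * store is not case sensitive.
     *
     * @param str  first key component
     * @param str2 qualified user name
     * @deprecated marked deprecated in the original; the key carries no identity-provider
     *     component. Presumably superseded by the {@link User}-based overloads — confirm.
     */
    @Deprecated
    public static void clearOAuthCache(String str, String str2) {
        clearOAuthCache(str + ":" + normalizeUserNameCase(str2));
    }

    /** Evicts the entry keyed {@code str:user:idp}; {@code str3} is the identity-provider name and may be null. */
    private static void clearOAuthCacheWithAuthenticatedIDP(String str, String str2, String str3) {
        clearOAuthCache(str + ":" + normalizeUserNameCase(str2) + ":" + str3);
    }

    /**
     * Evicts the entry keyed {@code str:str2:str3}, lower-casing {@code str2} when its
     * user store is not case sensitive.
     *
     * @param str  first key component
     * @param str2 qualified user name
     * @param str3 third key component
     * @deprecated marked deprecated in the original; the key carries no identity-provider
     *     component. Presumably superseded by the {@link User}-based overloads — confirm.
     */
    @Deprecated
    public static void clearOAuthCache(String str, String str2, String str3) {
        clearOAuthCache(str + ":" + normalizeUserNameCase(str2) + ":" + str3);
    }

    /** Evicts the entry keyed {@code str:user:str3:idp}; {@code str4} is the identity-provider name and may be null. */
    private static void clearOAuthCacheWithAuthenticatedIDP(String str, String str2, String str3, String str4) {
        clearOAuthCache(str + ":" + normalizeUserNameCase(str2) + ":" + str3 + ":" + str4);
    }

    /**
     * Builds the five-component cache key {@code str:str3:str2:str4:str5}.
     *
     * <p>Note the order: the user name ({@code str3}) is placed second in the key even
     * though it is the third parameter. It is lower-cased when its user store is not case
     * sensitive. {@code null} components are rendered as the literal text {@code null}.
     *
     * @param str  first key component
     * @param str2 third key component
     * @param str3 qualified user name, second key component
     * @param str4 fourth key component
     * @param str5 fifth key component
     * @return the colon-joined key
     */
    public static String buildCacheKeyStringForToken(String str, String str2, String str3, String str4, String str5) {
        return str + ":" + normalizeUserNameCase(str3) + ":" + str2 + ":" + str4 + ":" + str5;
    }

    /**
     * Evicts the entry stored under the given key from {@link OAuthCache}.
     *
     * @param str the complete cache key
     */
    public static void clearOAuthCache(String str) {
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(str));
    }

    /**
     * Builds an {@link AuthenticatedUser} from a user name string.
     *
     * <p>The user-store domain and tenant domain are extracted from {@code str}; the
     * user-store domain prefix is stripped when the string starts with it, and the
     * remaining name is made tenant-aware.
     *
     * <p>This only parses the string; nothing here verifies that the user exists or has
     * authenticated, so the result must not be treated as proof of authentication.
     *
     * @param str user name, optionally carrying user-store and tenant domain
     * @return the populated user object
     * @throws RuntimeException if {@code str} is blank
     */
    public static AuthenticatedUser getAuthenticatedUser(String str) {
        if (StringUtils.isBlank(str)) {
            throw new RuntimeException("Invalid username.");
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserStoreDomain(IdentityUtil.extractDomainFromName(str));
        authenticatedUser.setTenantDomain(MultitenantUtils.getTenantDomain(str));
        String nameWithoutStoreDomain = str.startsWith(authenticatedUser.getUserStoreDomain())
                ? UserCoreUtil.removeDomainFromName(str)
                : str;
        authenticatedUser.setUserName(MultitenantUtils.getTenantAwareUsername(nameWithoutStoreDomain));
        return authenticatedUser;
    }

    /**
     * Wraps a message and optional cause in an {@link IdentityOAuthAdminException}.
     *
     * @param str message for the new exception
     * @param exc cause, or {@code null}
     * @return an exception with only the message when {@code exc} is null, otherwise one
     *     carrying the {@code UNEXPECTED_SERVER_ERROR} code, the message and the cause
     */
    public static IdentityOAuthAdminException handleError(String str, Exception exc) {
        if (exc == null) {
            return new IdentityOAuthAdminException(str);
        }
        return new IdentityOAuthAdminException(Error.UNEXPECTED_SERVER_ERROR.getErrorCode(), str, exc);
    }

    /**
     * Maps an {@link IdentityOAuth2Exception} onto the matching admin-service exception
     * type, keeping its error code and attaching it as the cause.
     *
     * @param str                     message for the new exception
     * @param identityOAuth2Exception exception to translate, or {@code null}
     * @return a message-only exception when the argument is null; the result of
     *     {@link #handleError(String, Exception)} when the error code is blank; otherwise a
     *     client, server or generic admin exception according to the argument's type
     */
    public static IdentityOAuthAdminException handleErrorWithExceptionType(String str, IdentityOAuth2Exception identityOAuth2Exception) {
        // The decompiled source compared the reference with 0, which is not valid Java.
        if (identityOAuth2Exception == null) {
            return new IdentityOAuthAdminException(str);
        }
        String errorCode = identityOAuth2Exception.getErrorCode();
        if (StringUtils.isBlank(errorCode)) {
            // Previously the fallback exception was built and then discarded, so a blank
            // error code leaked into the typed exceptions below.
            return handleError(str, identityOAuth2Exception);
        }
        if (identityOAuth2Exception instanceof IdentityOAuth2ClientException) {
            return new IdentityOAuthClientException(errorCode, str, identityOAuth2Exception);
        }
        if (identityOAuth2Exception instanceof IdentityOAuth2ServerException) {
            return new IdentityOAuthServerException(errorCode, str, identityOAuth2Exception);
        }
        return new IdentityOAuthAdminException(errorCode, str, identityOAuth2Exception);
    }

    /**
     * Copies the fields of an {@link OAuthAppDO} into a new {@link OAuthConsumerAppDTO}.
     *
     * <p>The DTO receives the consumer secret as returned by the DO. Callers that log,
     * serialise or return the DTO over an API should take care not to expose that field.
     *
     * @param oAuthAppDO source application data; must have a non-null user
     * @return the populated DTO
     */
    public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO oAuthAppDO) {
        OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
        dto.setApplicationName(oAuthAppDO.getApplicationName());
        dto.setCallbackUrl(oAuthAppDO.getCallbackUrl());
        dto.setOauthConsumerKey(oAuthAppDO.getOauthConsumerKey());
        // Sensitive: the client secret travels with the DTO from here on.
        dto.setOauthConsumerSecret(oAuthAppDO.getOauthConsumerSecret());
        dto.setOAuthVersion(oAuthAppDO.getOauthVersion());
        dto.setGrantTypes(oAuthAppDO.getGrantTypes());
        dto.setScopeValidators(oAuthAppDO.getScopeValidators());
        dto.setUsername(oAuthAppDO.getUser().toFullQualifiedUsername());
        dto.setState(oAuthAppDO.getState());
        dto.setPkceMandatory(oAuthAppDO.isPkceMandatory());
        dto.setPkceSupportPlain(oAuthAppDO.isPkceSupportPlain());
        dto.setUserAccessTokenExpiryTime(oAuthAppDO.getUserAccessTokenExpiryTime());
        dto.setApplicationAccessTokenExpiryTime(oAuthAppDO.getApplicationAccessTokenExpiryTime());
        dto.setRefreshTokenExpiryTime(oAuthAppDO.getRefreshTokenExpiryTime());
        dto.setIdTokenExpiryTime(oAuthAppDO.getIdTokenExpiryTime());
        dto.setAudiences(oAuthAppDO.getAudiences());
        dto.setRequestObjectSignatureValidationEnabled(oAuthAppDO.isRequestObjectSignatureValidationEnabled());
        dto.setIdTokenEncryptionEnabled(oAuthAppDO.isIdTokenEncryptionEnabled());
        dto.setIdTokenEncryptionAlgorithm(oAuthAppDO.getIdTokenEncryptionAlgorithm());
        dto.setIdTokenEncryptionMethod(oAuthAppDO.getIdTokenEncryptionMethod());
        dto.setBackChannelLogoutUrl(oAuthAppDO.getBackChannelLogoutUrl());
        dto.setFrontchannelLogoutUrl(oAuthAppDO.getFrontchannelLogoutUrl());
        dto.setTokenType(oAuthAppDO.getTokenType());
        dto.setBypassClientCredentials(oAuthAppDO.isBypassClientCredentials());
        dto.setRenewRefreshTokenEnabled(oAuthAppDO.getRenewRefreshTokenEnabled());
        dto.setTokenBindingType(oAuthAppDO.getTokenBindingType());
        dto.setTokenRevocationWithIDPSessionTerminationEnabled(oAuthAppDO.isTokenRevocationWithIDPSessionTerminationEnabled());
        dto.setTokenBindingValidationEnabled(oAuthAppDO.isTokenBindingValidationEnabled());
        return dto;
    }

    /**
     * Notifies the event interceptor, if one is registered and enabled, that the system
     * has revoked a token.
     *
     * <p>A failure in the interceptor is logged and not propagated, so the caller's
     * revocation flow continues regardless.
     *
     * @param accessTokenDO the revoked token
     * @param map           parameters handed through to the interceptor
     */
    public static void invokePostRevocationBySystemListeners(AccessTokenDO accessTokenDO, Map<String, Object> map) {
        OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (interceptor == null || !interceptor.isEnabled()) {
            return;
        }
        try {
            interceptor.onPostTokenRevocationBySystem(accessTokenDO, map);
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error while triggering listener for post token revocation by system.", e);
        }
    }

    /**
     * Notifies the event interceptor, if one is registered and enabled, that the system
     * is about to revoke a token.
     *
     * <p>A failure in the interceptor is logged and not propagated, so it cannot block
     * the revocation that follows.
     *
     * @param accessTokenDO the token about to be revoked
     * @param map           parameters handed through to the interceptor
     */
    public static void invokePreRevocationBySystemListeners(AccessTokenDO accessTokenDO, Map<String, Object> map) {
        OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (interceptor == null || !interceptor.isEnabled()) {
            return;
        }
        try {
            interceptor.onPreTokenRevocationBySystem(accessTokenDO, map);
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error while triggering listener for pre token revocation by system.", e);
        }
    }

    /** Returns the user name prefixed with its user-store domain and qualified with its tenant domain. */
    private static String toQualifiedUserName(User user) {
        String withStoreDomain = UserCoreUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain());
        return UserCoreUtil.addTenantDomainToEntry(withStoreDomain, user.getTenantDomain());
    }

    /**
     * Lower-cases the user name unless its user store treats names as case sensitive.
     * Uses the default-locale {@code toLowerCase()} on purpose: the result must equal
     * the key component used when the cache entry was written.
     */
    private static String normalizeUserNameCase(String userName) {
        return IdentityUtil.isUserStoreInUsernameCaseSensitive(userName) ? userName : userName.toLowerCase();
    }
}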
